The present invention relates to mobile Internet access and more particularly to Internet access obtained using mobile terminals coupled to the Internet via a communications access network.
Two of the technological fields which have undergone the greatest growth in the last decade are the Internet and mobile wireless telecommunications. It is not perhaps surprising therefore that a degree of fusion between these two fields is expected in the very near future. Indeed, operators of mobile networks are already facilitating Internet access for mobile wireless terminals for the purpose of full blown Internet access or to support limited “smart” messaging systems able to deliver information such as financial data, weather forecasts etc. on demand. At present, in order to access the Internet via a mobile telecommunications network, the mobile terminal (or rather the user of the terminal) must subscribe to a mobile network. This subscription may be either to the access network itself, or to some foreign network with which the operator of the access network has concluded a suitable agreement.
In the European Global System for Mobile communications (GSM), subscribers are allocated a unique International Mobile Subscriber Identity (IMSI) which comprises a country ID part identifying the country where the subscriber's home network is located, a home network ID part identifying the subscriber's home network, and a subscriber ID part identifying the subscriber within his home network. The code is stored on a Subscriber Identity Module (SIM) card which is plugged into the subscriber's mobile terminal. Upon registering with a mobile network, the terminal sends the IMSI to the mobile network in order to allow the network operator to verify the identity of the terminal and to establish a billing relationship with the subscriber's home network (if the subscriber is not at home). This authentication process further enables the home network to update its Home Location Register (HLR) which keeps track of the current locations of the home network's subscribers, allowing incoming calls and other signalling information to be forwarded to the correct destination.
In GSM, Internet access is obtained through a conventional circuit switched network. However, there are plans to introduce in the very near future an additional packet switched core network (known as General Packet Radio Service or GPRS) into GSM, which should significantly enhance data services, and in particular Internet access services, available in GSM. A packet switched core network, such as GPRS, will also be included in so-called third generation mobile networks such as Universal Mobile Telecommunications Service (UMTS) networks.
In order to expand their potential markets, the operators of mobile telecommunications networks may in the future conclude agreements with Internet Service Providers (ISPs) to enable subscribers to those ISPs to access the Internet via mobile networks. Thus, in the future, a mobile terminal may not need to subscribe to a mobile network in order to obtain Internet access via a mobile network. Rather, the connection to the Internet via a mobile network may be authorised by a terminal's home ISP, with the home ISP being billed for the connection charge.
Whilst such possible future cooperation between mobile network operators and ISPs opens up the possibilities of improved mobility and an expansion of available services, it also presents certain problems relating to the authentication of mobile terminals and to security within mobile networks.
It is presently envisaged that future mobile telecommunications systems, such as the proposed third generation Universal Mobile Telecommunications System (UMTS), will continue to make use of International Mobile Subscriber Identities (IMSIs) to facilitate the registration and authentication of mobile terminals. As such, mobile terminal users who do not have a subscription to a mobile network but who subscribe to an Internet Service Provider (ISP), are likely to be allocated IMSIs in the same way as subscribers to mobile networks. Indeed, the term IMSI may be replaced by the more general term International Mobile Identity (IMI) to indicate the broader applicability of this unique identity.
For mobile networks, there is likely to continue to exist dedicated signalling networks interconnecting the mobile networks for the purpose of relaying authentication (and other) messages between networks. For example, such signalling networks may be based upon Signalling System No.7 (SS7) or may use Internet Protocol (IP). However, ISPs are unlikely to be connected directly to dedicated signalling networks and a way must be found for relaying authentication messages between mobile networks and ISPs, based upon the IMI allocated to a subscriber or mobile terminal.
The inventor of the present invention has recognised that it is necessary to provide for a translation, between IMIs and ISP IP addresses, in order to enable signalling information to be routed between mobile networks and ISPs.
According to a first aspect of the present invention, there is provided a method of authenticating a mobile terminal in a communications access network, wherein the mobile terminal subscribes to an Internet Service Provider (ISP) and has a billing relationship therewith, the method comprising:
allocating to the mobile terminal a unique International Mobile Identity (IMI);
transmitting the IMI or a part thereof to an access network as part of an initial registration process for the mobile terminal with the network wherein the IMI or said part thereof identifies said ISP;
receiving the IMI or said part thereof at the access network and using an ISP IP address database to map the IMI or said part thereof to the IP address of the ISP; and
transmitting an authentication request from the access network to the ISP over the Internet using the identified IP address.
Preferably, said access network is a mobile telecommunications network and said mobile terminal is a mobile wireless terminal. It is noted that the term “mobile terminal” as used here encompasses stand-alone Internet enabled terminals, combinations of laptop/palmtop computers and mobile telephones, and other such systems. Terminals may comprise SIM cards storing respective IMIs, or an IMI may be stored in a memory of a terminal. Alternatively, the access network may be a fixed line access network, wherein said mobile terminals are connected to the network using a fixed line.
Embodiments of the present invention enable a single IMI format to be used for all mobile terminals regardless of whether or not they subscribe to an access network or to an ISP. Furthermore, ISP IP address databases held by access networks may be easily updated to reflect changes in IP addresses. In the absence of network based databases, it would be difficult or even impossible to change the IP address allocated to an ISP as this would require a change to be made in data held by each and every mobile terminal subscribing to that ISP.
Preferably, the IMI comprises a country code part which identifies the country where the subscriber's home ISP is located, an operator ID part which identifies the home ISP and a subscriber ID part which identifies the terminal or subscriber within the home ISP. More preferably, said ISP IP address database comprises a first field containing country code and operator ID parts in combination, and a second field containing ISP IP addresses, whereby the IP address of an ISP can be determined by searching the database using the country code and operator ID parts supplied by a mobile terminal seeking to register with the access network.
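The mapping step of the method and the two-field database described above can be sketched as follows; this is an added illustration, not code from the patent. The field widths (3-digit country code, 2- or 3-digit operator ID, as in a GSM IMSI), the function names, the sample database entries and the request layout are all assumptions.

```python
import ipaddress

# Constructed sample database (not from the patent): the first field is the
# country code and operator ID in combination, the second the ISP IP address.
# Addresses are taken from the RFC 5737 documentation ranges.
ISP_IP_DATABASE = {
    "24099": "192.0.2.10",      # 3-digit country code + 2-digit operator ID
    "310150": "198.51.100.20",  # 3-digit country code + 3-digit operator ID
}


class UnknownISP(LookupError):
    """No database entry matches the IMI presented by the terminal."""


def split_imi(imi, database=ISP_IP_DATABASE):
    """Return (country_code, operator_id, subscriber_id) for a known ISP.

    Assumption: widths follow the GSM IMSI layout (3-digit country code,
    2- or 3-digit operator ID, at most 15 digits overall).
    """
    if not (imi.isascii() and imi.isdigit() and 6 <= len(imi) <= 15):
        raise ValueError("IMI must be 6 to 15 decimal digits")
    for width in (6, 5):  # longest prefix first, so 3-digit operator IDs win
        if imi[:width] in database and len(imi) > width:
            return imi[:3], imi[3:width], imi[width:]
    # Fail closed: an unmapped prefix is refused, not sent to a default host.
    raise UnknownISP("no ISP registered for this IMI prefix")


def build_auth_request(imi, certificate, database=ISP_IP_DATABASE):
    """Map the IMI to the ISP address and build the request destined for it."""
    country, operator, subscriber = split_imi(imi, database)
    # The destination comes only from the network-held database; the terminal
    # supplies its identity and an opaque certificate, never an address.
    isp_ip = ipaddress.ip_address(database[country + operator])
    return {"destination": str(isp_ip), "imi": imi, "certificate": certificate}
```

Because the address is resolved on the network side, changing an ISP's IP address means editing one database row rather than data held by every terminal, and a terminal cannot steer the authentication request to a host of its choosing.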
Preferably, the access network is a Universal Mobile Telecommunications System (UMTS) network which comprises a radio access network including a plurality of Radio Network Controllers (RNCs). One or more of the RNCs is connected to the Internet via an Internet Access Server (IAS), wherein the mapping of the IMI or part thereof to an ISP IP address is performed at the RNC responsible for the mobile terminal. Alternatively, an RNC may incorporate certain IAS functionality (including routing functions) allowing the RNC to be connected directly to the Internet.
Preferably, as part of the radio link set-up (or registration) process between the mobile terminal and the network, an authentication certificate is sent, in encrypted form, from the mobile terminal to the network. The certificate is then forwarded by the access network to the ISP which authorises the mobile terminal on the basis of the received certificate. The ISP may then return an authorisation message to the access network either accepting or refusing to authorise the access network.
It is noted that the term “ISP” is intended here to define an operator which provides a service via the Internet. This may be, for example, an operator who provides subscribers with an interface between their telephone connections and the Internet, a conventional telephone network operator, or an operator who provides some other service such as a financial service.
According to a second aspect of the present invention there is provided apparatus for authenticating a mobile terminal in a communications access network, wherein the mobile terminal subscribes to an Internet Service Provider (ISP) and has a billing relationship therewith, the apparatus comprising means arranged within the access network for receiving from the mobile terminal an International Mobile Identity (IMI) or part thereof, means for accessing an ISP IP address database to map the received IMI or part thereof to an IP address of the ISP server, and means for transmitting an authentication request from the access network to the ISP over the Internet using the derived IP address.
Preferably, said access network is a mobile telecommunications network, and the means for accessing said database and for transmitting the authentication request to the ISP are arranged within a Radio Network Controller (RNC) of a radio network part of the mobile telecommunications network.